1248 matches found
Reddit: Reddit talk promotion offers don't expire, allowing users to accept them after being demoted
Description: When promoting a user to a speaker/host, an offerId is created which can be accepted by the user. However, after accepting them the offerIds don't expire. This means that after the user is demoted back to a listener, they can still use the offerIds to go back to their previous promot...
WordPress plugin Accept Stripe Payments cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2022-2194
The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-site scripting attacks even when the unfiltered_html capability is disallowed...
Cross site scripting
The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-site scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-2194
The CVE-2022-2194 entry concerns the WordPress Accept Stripe Payments plugin, affected versions before 2.0.64. The issue is a cross-site scripting (XSS) vulnerability caused by insufficient sanitization/escaping of certain plugin settings, enabling an admin (high privilege) to perform XSS even wh...
WordPress plugin Accept Stripe Payments cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2022-31156 Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed
Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...
CVE-2022-34815
A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs...
GSD-2022-1003102 Bluetooth: use hdev lock for accept_list and reject_list in conn req
Bluetooth: use hdev lock for accept_list and reject_list in conn req. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.14 by commit...
PT-2025-8602 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A race condition in the Linux kernel's MPTCP socket handling can lead to a use-after-free (UAF) access. This occurs when the listener socket owning a relevant request is closed, freeing...
CVE-2018-7284
A buffer overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. Th...
Exploit for CVE-2021-43008
cve-2022-21907-http.sys by 1vere$k CVE-2022-21907 - Double Fre...
golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension
A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension...
GHSA-XMC9-6P56-3C4V Apache Tomcat XSS In Accept-Language Headers
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616"...
Apache Tomcat XSS In Accept-Language Headers
Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616"...
CVE-2022-29534
An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header...
Design/Logic Flaw
An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header...
PT-2022-19684 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.158. Description: An issue was discovered in the UsersController.php file, where password confirmation can be bypassed via vectors involving an "Accept: application/json" header. Recommendations: For versions prior t...
MISP authorization issue vulnerability
MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP before 2.4.158, which originates in...